net-analyzer/gvmd: new package.
authorHasan ÇALIŞIR <hasan.calisir@psauxit.com>
Mon, 12 Aug 2019 15:14:47 +0000 (18:14 +0300)
committerJoonas Niilola <juippis@gentoo.org>
Mon, 28 Oct 2019 04:02:18 +0000 (06:02 +0200)
As of version 8, openvas-manager has been renamed to
Greenbone Vulnerability Manager (gvmd).
Version bump to 8.0.1. This also fixes bug 684186
and introduces the new USE flags 'postgres','sqlite'.

Closes: https://bugs.gentoo.org/684186
Closes: https://bugs.gentoo.org/692004
Reported-by: Anton Bolshakov <blshkv@pentoo.ch>
Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Hasan ÇALIŞIR <hasan.calisir@psauxit.com>
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
13 files changed:
net-analyzer/gvmd/Manifest [new file with mode: 0644]
net-analyzer/gvmd/files/greenbone-certdata-sync.conf [new file with mode: 0644]
net-analyzer/gvmd/files/greenbone-nvt-sync.conf [new file with mode: 0644]
net-analyzer/gvmd/files/greenbone-scapdata-sync.conf [new file with mode: 0644]
net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch [new file with mode: 0644]
net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch [new file with mode: 0644]
net-analyzer/gvmd/files/gvmd-daemon.conf [new file with mode: 0644]
net-analyzer/gvmd/files/gvmd-startpre.sh [new file with mode: 0644]
net-analyzer/gvmd/files/gvmd.init [new file with mode: 0644]
net-analyzer/gvmd/files/gvmd.logrotate [new file with mode: 0644]
net-analyzer/gvmd/files/gvmd.service [new file with mode: 0644]
net-analyzer/gvmd/gvmd-8.0.1.ebuild [new file with mode: 0644]
net-analyzer/gvmd/metadata.xml [new file with mode: 0644]

diff --git a/net-analyzer/gvmd/Manifest b/net-analyzer/gvmd/Manifest
new file mode 100644 (file)
index 0000000..328c523
--- /dev/null
@@ -0,0 +1 @@
+DIST gvmd-8.0.1.tar.gz 1495311 BLAKE2B 17419f5fecf7cce07536a5e12f17a61a31d45add185e0e1635515834eca6abd8a6babeb89b8f879ff8cb90b60f3682a19a62403142f4901be3f932b8a44cac68 SHA512 5490b902ad42499657eca9031b396c70a82d3c523985601067e697758f2472d123c4e99b085b963e58888d99224fa2a441a140772c702d7cd60d6424b126bfc8
diff --git a/net-analyzer/gvmd/files/greenbone-certdata-sync.conf b/net-analyzer/gvmd/files/greenbone-certdata-sync.conf
new file mode 100644 (file)
index 0000000..d31a733
--- /dev/null
@@ -0,0 +1 @@
+COMMUNITY_CERT_RSYNC_FEED="rsync://feed.openvas.org:/cert-data"
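Review bot: The feed URL uses plain `rsync://`, which gives no transport authentication or encryption, so the integrity of the downloaded cert data rests entirely on whatever signature or checksum verification the sync tooling performs; that verification is not visible in this commit. The same applies to `COMMUNITY_NVT_RSYNC_FEED` and `COMMUNITY_SCAP_RSYNC_FEED` in the two following files. I would add a comment above the assignment, for example `# Plain rsync: no transport integrity; relies on feed signature verification being enabled`, so an administrator who repoints the feed at a mirror knows what is and is not protected.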
diff --git a/net-analyzer/gvmd/files/greenbone-nvt-sync.conf b/net-analyzer/gvmd/files/greenbone-nvt-sync.conf
new file mode 100644 (file)
index 0000000..967c41d
--- /dev/null
@@ -0,0 +1 @@
+COMMUNITY_NVT_RSYNC_FEED="rsync://feed.openvas.org:/nvt-feed"
diff --git a/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf b/net-analyzer/gvmd/files/greenbone-scapdata-sync.conf
new file mode 100644 (file)
index 0000000..4a7426b
--- /dev/null
@@ -0,0 +1 @@
+COMMUNITY_SCAP_RSYNC_FEED="rsync://feed.openvas.org:/scap-data"
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-sbin.patch
new file mode 100644 (file)
index 0000000..bf21acb
--- /dev/null
@@ -0,0 +1,56 @@
+--- a/src/CMakeLists.txt       2019-07-17 17:11:52.000000000 +0300
++++ b/src/CMakeLists.txt       2019-07-21 22:43:17.299106863 +0300
+@@ -248,12 +248,12 @@
+ ## Install
+ install (TARGETS ${BINARY_NAME}
+-         RUNTIME DESTINATION ${SBINDIR}
++         RUNTIME DESTINATION ${BINDIR}
+          LIBRARY DESTINATION ${LIBDIR}
+          ARCHIVE DESTINATION ${LIBDIR}/static)
+ install (FILES ${CMAKE_CURRENT_BINARY_DIR}/gvmd
+-         DESTINATION ${SBINDIR})
++         DESTINATION ${BINDIR})
+ if (BACKEND STREQUAL POSTGRESQL)
+   install (TARGETS gvm-pg-server
+--- a/CMakeLists.txt   2019-07-22 11:31:13.430827400 +0300
++++ b/CMakeLists.txt   2019-07-22 11:32:29.034765809 +0300
+@@ -571,17 +571,17 @@
+          PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-portnames-update
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-scapdata-sync
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ install (FILES ${CMAKE_BINARY_DIR}/tools/greenbone-certdata-sync
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+@@ -593,13 +593,13 @@
+                      WORLD_READ WORLD_EXECUTE)
+ install (FILES ${CMAKE_BINARY_DIR}/tools/gvm-migrate-to-postgres
+-         DESTINATION ${SBINDIR}
++         DESTINATION ${BINDIR}
+          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                      GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ if (BACKEND STREQUAL SQLITE3)
+   install (FILES ${CMAKE_SOURCE_DIR}/tools/database-statistics-sqlite
+-           DESTINATION ${SBINDIR}
++           DESTINATION ${BINDIR}
+            PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE
+                        GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+ endif (BACKEND STREQUAL SQLITE3)
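Review bot: Every edit in this patch swaps `${SBINDIR}` for `${BINDIR}` at an install site, which has to be re-diffed against upstream on each version bump and silently misses any new `${SBINDIR}` install rule added later. If upstream's CMakeLists only sets `SBINDIR` when it is undefined (not visible here, so this needs checking), passing something like `"-DSBINDIR=${EPREFIX}/usr/bin"` in `mycmakeargs` would achieve the same result with no patch. This matters because `gvmd.init` and `gvmd.service` hard-code `/usr/bin/gvmd`, so a missed rule means a service that fails to start or a tool that is installed to a path nobody expects.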
diff --git a/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch b/net-analyzer/gvmd/files/gvmd-8.0.1-tmplock.patch
new file mode 100644 (file)
index 0000000..40b1e00
--- /dev/null
@@ -0,0 +1,34 @@
+--- a/tools/greenbone-certdata-sync.in 2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-certdata-sync.in 2019-07-22 21:11:36.173099530 +0300
+@@ -494,13 +494,11 @@
+ fi
+ (
+   flock -n 9
+-  date > $LOCK_FILE
+   if [ $? -eq 1 ] ; then
+     log_notice "Sync in progress, exiting."
+     exit 1
+   fi
+   sync_certdata
+-  echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+ exit 0
+--- a/tools/greenbone-scapdata-sync.in 2019-07-17 17:11:52.000000000 +0300
++++ b/tools/greenbone-scapdata-sync.in 2019-07-22 21:12:49.193161531 +0300
+@@ -517,13 +517,11 @@
+ fi
+ (
+   flock -n 9
+-  date > $LOCK_FILE
+   if [ $? -eq 1 ] ; then
+     log_notice "Sync in progress, exiting."
+     exit 1
+   fi
+   sync_scapdata
+-  echo -n > $LOCK_FILE
+-) 9>$LOCK_FILE
++)
+ exit 0
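Review bot: Dropping `9>$LOCK_FILE` from the subshell leaves `flock -n 9` operating on a descriptor that is never opened, so the lock cannot be taken in either greenbone-certdata-sync or greenbone-scapdata-sync. flock will then fail with an error rather than a lock conflict, which most likely yields an exit status other than 1, so the `[ $? -eq 1 ]` test does not fire and `sync_certdata` / `sync_scapdata` run with no mutual exclusion; two overlapping cron or manual runs can then update the same feed data concurrently. If the underlying problem is that the gvm user cannot write the lock file (its definition is outside the hunk), the safer fix is to keep the redirection and move `LOCK_FILE` to a directory owned by gvm, and to test the lock result directly: `flock -n 9 || { log_notice "Sync in progress, exiting."; exit 1; }` with `) 9>"$LOCK_FILE"` retained.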
diff --git a/net-analyzer/gvmd/files/gvmd-daemon.conf b/net-analyzer/gvmd/files/gvmd-daemon.conf
new file mode 100644 (file)
index 0000000..d97da00
--- /dev/null
@@ -0,0 +1,29 @@
+# GVMD command args
+
+# e.g --foreground
+GVMD_OPTIONS=""
+
+# Manager listen address unix socket
+# Failing under non-root user (looking for solution)
+GVMD_LISTEN_ADDRESS_UNIX="--unix-socket=/var/run/gvmd.sock"
+
+# Manager listen address TCP
+GVMD_LISTEN_ADDRESS_TCP="--listen=127.0.0.1"
+
+# Manager listen port
+GVMD_PORT="--port=9390"
+
+# Manager unix socket listen owner
+GVMD_LISTEN_OWNER="--listen-owner=gvm"
+
+# Manager unix socket listen group
+GVMD_LISTEN_GROUP="--listen-group=gvm"
+
+# Manager unix socket listen mode
+GVMD_LISTEN_MODE="--listen-mode=755"
+
+# Scanner listen address unix socket
+GVMD_SCANNER_HOST="--scanner-host=/var/run/openvassd.sock"
+
+# TLS settings
+GVMD_GNUTLS_PRIORITIES="--gnutls-priorities=SECURE256:+SUITEB192:+SECURE192:+SECURE128:+SUITEB128:-MD5:-SHA1:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-SSL3.0"
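Review bot: `GVMD_LISTEN_ADDRESS_UNIX`, `GVMD_LISTEN_OWNER`, `GVMD_LISTEN_GROUP` and `GVMD_LISTEN_MODE` are defined here but are not referenced by `command_args` in gvmd.init or by `ExecStart` in gvmd.service, so editing them changes nothing. An administrator who tightens `--listen-mode` or the socket owner here would reasonably believe access to the manager socket is restricted when the daemon never sees those options. Either wire them into both start commands or mark them explicitly, for example `# NOTE: unix-socket options below are currently not passed to gvmd by the init script or unit`. It is also worth documenting next to `GVMD_LISTEN_ADDRESS_TCP` that changing `127.0.0.1` exposes the management protocol on the network.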
diff --git a/net-analyzer/gvmd/files/gvmd-startpre.sh b/net-analyzer/gvmd/files/gvmd-startpre.sh
new file mode 100644 (file)
index 0000000..d04daa0
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Greenbone Vulnerability Manager Systemd ExecStartPre
+touch /var/run/gvm-{checking,create-functions,helping,migrating,serving}
+chown -R gvm:gvm /var/run/gvm-{checking,create-functions,helping,migrating,serving}
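Review bot: The script declares `#!/bin/sh` but relies on brace expansion, which is a bash feature and is not performed by POSIX shells such as dash. gvmd.init invokes it through `/bin/bash`, but gvmd.service executes it directly via the shebang, so on a system where `/bin/sh` is not bash it would create and chown a single file literally named `gvm-{checking,...}` instead of the five intended files. Because the unit prefixes the command with `-`, that failure mode would go unnoticed. Changing the first line to `#!/bin/bash`, or looping over the five names explicitly, removes the dependency; `chown` without `-R` is sufficient for regular files.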
diff --git a/net-analyzer/gvmd/files/gvmd.init b/net-analyzer/gvmd/files/gvmd.init
new file mode 100644 (file)
index 0000000..9686c9b
--- /dev/null
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+: ${GVMD_USER:=gvm}
+: ${GVMD_GROUP:=gvm}
+: ${GVMD_TIMEOUT:=30}
+
+name="Greenbone Vulnerability Manager"
+command=/usr/bin/gvmd
+command_args="${GVMD_OPTIONS} ${GVMD_LISTEN_ADDRESS_TCP} ${GVMD_PORT} ${GVMD_SCANNER_HOST} ${GVMD_GNUTLS_PRIORITIES}"
+command_background="true"
+command_user="${GVMD_USER}:${GVMD_GROUP}"
+pidfile="/run/gvmd.pid"
+retry="${GVMD_TIMEOUT}"
+
+depend() {
+       after bootmisc
+       need localmount net openvassd
+}
+
+start_pre() {
+       /bin/bash /etc/gvm/gvmd-startpre.sh
+}
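Review bot: `command_background="true"` with a `pidfile` makes OpenRC record the PID of the process it launches, which only works if that process stays in the foreground, but `GVMD_OPTIONS` defaults to empty and gvmd.service declares `Type=forking`, which suggests gvmd daemonises itself by default. If so, the recorded PID belongs to a parent that has already exited, and `stop`/`restart` would leave the real daemon running with its listener open. Prepending the flag the config comment already mentions, `command_args="--foreground ${GVMD_OPTIONS} ..."`, would keep the supervised PID accurate. Note also that `start_pre` runs `/etc/gvm/gvmd-startpre.sh` as root, so that file must not be writable by the gvm account.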
diff --git a/net-analyzer/gvmd/files/gvmd.logrotate b/net-analyzer/gvmd/files/gvmd.logrotate
new file mode 100644 (file)
index 0000000..4534625
--- /dev/null
@@ -0,0 +1,13 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# Daemon ignore HUP so we use 'copytruncate' instead of 'create' 
+# with safe file size to prevent losing log entries.
+
+/var/log/gvm/gvmd.log {
+       compress
+       missingok
+       notifempty
+       sharedscripts
+       copytruncate
+       maxsize 10M
+}
diff --git a/net-analyzer/gvmd/files/gvmd.service b/net-analyzer/gvmd/files/gvmd.service
new file mode 100644 (file)
index 0000000..2e3ad84
--- /dev/null
@@ -0,0 +1,21 @@
+[Unit]
+Description=Greenbone Vulnerability Manager
+After=network.target
+After=openvassd.service
+Wants=openvassd.service
+Before=gsad.service
+
+[Service]
+Type=forking
+PrivateTmp=yes
+User=gvm
+Group=gvm
+PermissionsStartOnly=true
+EnvironmentFile=-/etc/gvm/sysconfig/gvmd-daemon.conf
+ExecStartPre=-/etc/gvm/gvmd-startpre.sh
+ExecStart=/usr/bin/gvmd $GVMD_OPTIONS $GVMD_LISTEN_ADDRESS_TCP $GVMD_PORT $GVMD_SCANNER_HOST $GVMD_GNUTLS_PRIORITIES
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
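Review bot: The leading `-` on both `EnvironmentFile=` and `ExecStartPre=` makes the unit continue when the config file is missing or the pre-start script fails. With the environment file absent, every `$GVMD_*` variable in `ExecStart` expands to nothing, so gvmd starts with its built-in defaults instead of the loopback address and TLS priority string this package intends. I would drop the `-` from at least `EnvironmentFile=/etc/gvm/sysconfig/gvmd-daemon.conf` so a missing or unreadable config fails closed. Since `PermissionsStartOnly=true` runs the `ExecStartPre` script as root, that script should live in a root-owned location.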
diff --git a/net-analyzer/gvmd/gvmd-8.0.1.ebuild b/net-analyzer/gvmd/gvmd-8.0.1.ebuild
new file mode 100644 (file)
index 0000000..2c6da5d
--- /dev/null
@@ -0,0 +1,120 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+CMAKE_MAKEFILE_GENERATOR="emake"
+inherit cmake-utils flag-o-matic systemd toolchain-funcs
+
+DESCRIPTION="Greenbone vulnerability manager, previously named openvas-manager"
+HOMEPAGE="https://www.greenbone.net/en/"
+SRC_URI="https://github.com/greenbone/gvmd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2+"
+KEYWORDS="~amd64 ~x86"
+IUSE="extras postgres sqlite"
+REQUIRED_USE="|| ( postgres sqlite )"
+
+DEPEND="
+       dev-libs/libgcrypt:0=
+       dev-libs/libical
+       >=net-analyzer/gvm-libs-10.0.1
+       net-libs/gnutls:=[tools]
+       extras?   ( app-text/xmlstarlet
+                   dev-texlive/texlive-latexextra )
+       postgres? ( dev-db/postgresql:* )
+       sqlite?   ( dev-db/sqlite:3 )"
+
+RDEPEND="
+       ${DEPEND}
+       !net-analyzer/openvas-manager
+       ~net-analyzer/openvas-scanner-6.0.1"
+
+BDEPEND="
+       sys-devel/bison
+       sys-devel/flex
+       virtual/pkgconfig
+       extras? ( app-doc/doxygen[dot]
+                 app-doc/xmltoman
+                 app-text/htmldoc
+                 dev-libs/libxslt
+       )"
+
+PATCHES=(
+       # Install exec. to /usr/bin instead of /usr/sbin
+       "${FILESDIR}/${P}-sbin.patch"
+       # Fix permissions for user gvm.
+       "${FILESDIR}/${P}-tmplock.patch"
+)
+
+src_prepare() {
+       cmake-utils_src_prepare
+       # QA-Fix | Use correct FHS/Gentoo policy paths for 8.0.1
+       sed -i -e "s*share/doc/gvm/html/*share/doc/gvmd-${PV}/html/*g" "$S"/doc/CMakeLists.txt || die
+       sed -i -e "s*/doc/gvm/*/doc/gvmd-${PV}/*g" "$S"/CMakeLists.txt || die
+       # QA-Fix | Remove !CLANG Doxygen warnings for 8.0.1
+       if use extras; then
+               if ! tc-is-clang; then
+                  local f
+                  for f in doc/*.in
+                  do
+                       sed -i \
+                               -e "s*CLANG_ASSISTED_PARSING = NO*#CLANG_ASSISTED_PARSING = NO*g" \
+                               -e "s*CLANG_OPTIONS*#CLANG_OPTIONS*g" \
+                               "${f}" || die "couldn't disable CLANG parsing"
+                  done
+               fi
+       fi
+}
+
+src_configure() {
+       local mycmakeargs=(
+               "-DCMAKE_INSTALL_PREFIX=${EPREFIX}/usr"
+               "-DLOCALSTATEDIR=${EPREFIX}/var"
+               "-DSYSCONFDIR=${EPREFIX}/etc"
+       )
+       # Add release hardening flags for 8.0.1
+       append-cflags -Wno-nonnull -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector
+       append-ldflags -Wl,-z,relro -Wl,-z,now
+       cmake-utils_src_configure
+}
+
+src_compile() {
+       cmake-utils_src_compile
+       if use extras; then
+               cmake-utils_src_make -C "${BUILD_DIR}" doc
+               cmake-utils_src_make doc-full -C "${BUILD_DIR}" doc
+               HTML_DOCS=( "${BUILD_DIR}"/doc/generated/html/. )
+       fi
+       cmake-utils_src_make rebuild_cache
+}
+
+src_install() {
+       cmake-utils_src_install
+
+       dodir /etc/gvm
+       insinto /etc/gvm
+       doins -r "${FILESDIR}"/*sync*
+
+       dodir /etc/gvm/sysconfig
+       insinto /etc/gvm/sysconfig
+       doins "${FILESDIR}/${PN}-daemon.conf"
+
+       exeinto /etc/gvm
+       doexe "${FILESDIR}"/gvmd-startpre.sh
+
+       fowners -R gvm:gvm /etc/gvm
+
+       newinitd "${FILESDIR}/${PN}.init" "${PN}"
+       newconfd "${FILESDIR}/${PN}-daemon.conf" "${PN}"
+
+       insinto /etc/logrotate.d
+       newins "${FILESDIR}/${PN}.logrotate" "${PN}"
+
+       systemd_dounit "${FILESDIR}/${PN}.service"
+
+       # Set proper permissions on required files/directories
+       keepdir /var/lib/gvm/gvmd
+       fowners -R gvm:gvm /var/lib/gvm
+}
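Review bot: In `src_install`, `fowners -R gvm:gvm /etc/gvm` hands the gvm service account ownership of `gvmd-startpre.sh` and of the directory that contains it, yet that script is executed as root by `start_pre` in gvmd.init and by `ExecStartPre` under `PermissionsStartOnly=true` in gvmd.service. Anything that gains control of the unprivileged gvm account can therefore rewrite or replace the script and have it run as root on the next service start. The script should be installed to a root-owned directory and left root-owned, with `fowners` limited to the specific paths gvmd needs to write at runtime (which ones those are is not visible here). The unit and init script paths would need updating to match.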
diff --git a/net-analyzer/gvmd/metadata.xml b/net-analyzer/gvmd/metadata.xml
new file mode 100644 (file)
index 0000000..36ce32a
--- /dev/null
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+       <maintainer type="person">
+               <email>hasan.calisir@psauxit.com</email>
+               <name>Hasan ÇALIŞIR</name>
+       </maintainer>
+       <maintainer type="project">
+               <email>proxy-maint@gentoo.org</email>
+               <name>Proxy Maintainers</name>
+       </maintainer>
+       <use>
+               <flag name="extras">Html docs support</flag>
+       </use>
+       <longdescription lang="en">
+       The Greenbone Vulnerability Manager is the central management service between security scanners and the user clients.
+       It manages the storage of any vulnerability management configurations and of the scan results.
+       Access to data, control commands and workflows is offered via the XML-based Greenbone Management Protocol (GMP).
+       The primary scanner OpenVAS Scanner is controlled directly via protocol OTP while any other 
+       remote scanner is coupled with the Open Scanner Protocol (OSP).
+       </longdescription>
+       <upstream>
+               <remote-id type="github">greenbone/gvmd</remote-id>
+       </upstream>
+</pkgmetadata>